3 Key Weaknesses in Call Center Authentication Process.
Call center agents aim to provide exceptional experiences by listening carefully and reacting promptly to customer requests. The system weakness is it does not always recognize spoofed calls from ever-sophisticated defrauders.
Atlanta- based voice security/authentication firm Pindrop Labs in its annual Call Center Fraud Report revealed a significant increase in the fraud rate, a jump of 113% year-over-year. Fraud rates in 2016 were 1 in 937 calls across the board, compared to 1 in 2,000 calls in 2015, according to Pindrop's 2016 report. For financial institutions, the rates were 1 in every 895 calls.
"The sophistication of the fraudsters, the expansion of criminal rings, heightened security in other channels, and the amount of information available on the dark web is making the call center the easiest fraud target in virtually every industry," Vijay Balasubramaniyan, CEO and co-founder of Pindrop, said.
This research analyzed more than half a billion calls protected by Pindrop's Phoneprinting[R] technology to identify three key weaknesses in the call center that have contributed to the increase in fraudulent activity. Pindrop's Phoneprinting technology helps identify, locate and authenticate phone devices.
In 2016, Pindrop's research showed that the total volume of fraudulent calls placed to call centers reached new elevations. One of the main drivers behind the rise in fraud in the call center is that the attackers getting better at their craft, and becoming more adept at social engineering techniques that help them bypass defenses. Another driver is that physical and digital security makes it harder to attack other channels. New spoofing and voice distortion technologies are giving fraudsters more options as they attack via the phone.
"Fraudsters are looking at lines of business, and accounts they can take over and wire money out of," Michael Hughes, VP of Americas at Pindrop, explained. They also look to take advantage of trust. "Credit unions have always been known for their very high focus and touch with members, who are everything to them. Fraudsters will play on that," Michael Hughes, VP of Americas at Pindrop, explained
The report highlighted three key weaknesses in many call centers today:
1. Technical: Fraudsters have the ability to spoof caller ID and use applications such as Skype or Google Voice to hide their identity and location. This data is now no better or more reliable than email addresses. Fraudsters also abuse interactive voice recognition systems to try to reset victims' PINs, test account numbers, or find more information on a target.
2. Human: The true target of call center fraud attacks is the employee on the other end of the line. With hundreds or thousands of legitimate calls for every "bad" call, customer service representatives focus on resolving customer issues efficiently. The risk of falling prey to a fraudster is high, and so is the potential downside if an agent mistakes a legitimate customer for a fraudster.
3. Organizational: Call centers handle huge volumes of activity and agents must resolve caller requests quickly because of performance measurements. Fraudsters use the data they've gathered on a target account to pass knowledge-based authentication tests and social engineer the agent into giving them access to the account knowing an agent's primary goal is to speed them to a resolution.
"Call center agents are not trained to identify fraud, they are trained to expedite a customer interaction process, to provide the best customer experience as possible and meet the customer's needs," Hughes said.